We have a site that uses many DNN Wrapped and direct use of Telerik Controls in our custom modules. I was looking to remove Telerik based on the recommendations to do so. But it would take finding ways to do similar things and recoding the modules. We use lots of wrapped Numeric and Mased Text Boxes as well as TabStrip, Windows, Page Views, Loading panels, etc... The modules currently have a short lifespan in the future and will no longer be used in say 6-9 months.
So what I am wondering is if I purchase the Telerik controls directly and overlay the dlls, will the vulnerability be mitigated without having to redesign and recode modules that will be dead within the year?
Posted By Joe Wolner on 17 Feb 2022 07:24 PM We have a site that uses many DNN Wrapped and direct use of Telerik Controls in our custom modules. I was looking to remove Telerik based on the recommendations to do so. But it would take finding ways to do similar things and recoding the modules. We use lots of wrapped Numeric and Mased Text Boxes as well as TabStrip, Windows, Page Views, Loading panels, etc... The modules currently have a short lifespan in the future and will no longer be used in say 6-9 months. So what I am wondering is if I purchase the Telerik controls directly and overlay the dlls, will the vulnerability be mitigated without having to redesign and recode modules that will be dead within the year?
You could buy a Telerik license..?
Posted By Joe Wolner on 22 Feb 2022 02:22 PM Can't you? https://www.telerik.com/aspnet-mvc
Whom do you mean by "you"?
To explain it a bit: In 2009, DNN Corp. and Telerik signed an OEM agreement stating that Telerik's entire RAD Control suite was shipped with all editions of DNN. This contract ended in 2013 and the status of the delivered Telerik controls was "frozen" at that time - DNN Corp. received the source code with the right to fix bugs and security-related problems, but not to further develop the suite or use new versions. Then DNN went back to the community, unpaid and voluntary developers who brought and bring DNN forward. But these security issues continued to escalate, and it took more and more effort from the developer community to fix them.
On the other hand, many DNN components were (and are) dependent on this library, so removing them step by step from DNN is like open-heart surgery. Thanks to the joint effort of everyone, version 9.8.0 had succeeded in removing these from a DNN installation, and provided the extensions that do not require the library.
This has been a strategic decision. We all must understand that people who work hard and for free are not willing to pay for an extra-expensive license. The decision is to only use open source, free tools in the delivered DNN package.
So if you need Telerik, you have to buy it yourself.
Happy DNNing! Michael
PS. Even during the agreement with Telerik, third party developers were NOT allowed to use the Telerik components in their products, only wrapper functions provided by the DNN core - or buy a license. What you call "[...]direct use of Telerik Controls in our custom modules [...]" is exactly this scenario.
Han,
We are considering purchasing a telerik license to develop DNN modules for a web application we are building. We are currently on DNN 9.11
For web development they have several options such as Telerik UI for ASP.NET AJAX, Telerik UI for ASP.NET MVC, Telerik UI for ASP.NET Core, Telerik UI for Blazor, etc.
Which one do you use?
FYI, I don't personally really hear of people in the DNN community using Telerik much these days. Most of us are writing true SPA implementations using either React, Angular, or Vue. Back in the day, doing that was far more difficult than it is today. 🙂
However, just looking at the titles, you probably need to choose the edition for ASP.NET AJAX. Also, you'll want to follow the full instructions for removing telerik from DNN before starting, unless you've already done that. Otherwise, you're going to keep running into issues.
These Forums are dedicated to the discussion of DNN Platform.
For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:
Awesome! Simply post in the forums using the link below and we'll get you started.